Your data collection process may be POPI compliant, but are your IT systems?
The Protection of Personal Information Act (POPI) came into effect on 1 July 2021. POPI regulates how personal information (of a person or company) is collected, used, stored, disseminated, modified and destroyed.
From a business perspective, the focus falls on demonstrating transparency and accountability regarding the purpose for which data is gathered.
But what does this mean for your existing IT systems?
In short, you need to check that they’re POPI compliant. If they are, you’re good to go. If they’re not, you need to implement the necessary changes to ensure you comply with the law.
Security safeguards
POPI sets out 8 conditions for the lawful processing and storing of data. Specifically, condition #7, security safeguards, details the security measures POPI requires around personal information.
According to this condition, as a company you must employ ‘appropriate, reasonable technical and organisational measures’ that prevent unlawful access to, or the loss of or damage to, personal information.
To do this:
- First conduct a thorough risk assessment of your existing data capture and storage systems and processes.
- Upgrade your IT systems where necessary to meet the minimum POPI requirements around ‘security safeguards’.
- Test and verify the effectiveness of the implemented security safeguards.
- Ensure these security safeguards are consistently maintained.
- Ensure these safeguards are regularly updated to prevent new deficiencies or risks.
Redstor
Redstor is one of the solutions we’re recommending to clients who want to ensure POPI compliance.
It offers a powerful, cloud-based data management platform that enables you to manage your data from a single control centre, unifying critical functions like backup, data recovery and archiving. It also ensures access to all your business’s data off site, from any location, further assisting with compliance.
Redstor ensures all aspects of POPI are upheld with regard to backup data and working with data processors. It is ISO 27001 and 9001 certified, and the company has 20 years’ experience in managing and protecting data across multiple platforms for organisations of all sizes, from enterprises to SMEs to schools.
Sophos
Sophos is the second solution we’re offering our clients. It specifically addresses POPI condition #7 by helping clients ensure the integrity and confidentiality of personal information.
It does this via a 3-pronged approach:
- Perimeter defence: secures your network with advanced threat protection, IPS, sandboxing, web and email protection, offering a co-ordinated defence against advanced attacks.
- Data protection: protects your endpoints from data-stealing malware, including email and VPN tunnels, and mobile devices.
- Controlled access to data: user-based next-gen controls over applications, web surfing, and other network resources with authenticated users for specified access and advanced two-factor authentication for high-profile accounts.
Not only do Redstor and Sophos ensure POPI compliance around ‘security safeguards’, but they also protect your sensitive company data and shield you from other high-impact data risks, such as ransomware.
We are currently offering FREE demonstrations to illustrate exactly how Redstor and Sophos work to meet legislative requirements.
Want to see how we can help you ensure POPI compliance? Contact us today for a demonstration, advice or a second opinion on your data security systems.